Firewall Wizards mailing list archives

Java Firewall?


From: sgcctxw () citec qld gov au (Thomas Whateley)
Date: Wed, 8 Oct 1997 11:28:34 +1000 (EST)



Hi,

I sent this message to the list last week, but it doesn't seem to have made
it thru... I've checked the address, and it seems ok, about the only thing
I can think of is that it was blocked because I'm subscribed to the digest
and not the list proper (or it's unrelated sheit :)

Did you actually see this?

Thanks,
Thomas.


--
Forwarded message:
From sgcctxw Thu Oct  2 11:13:10 1997
Subject: Java Firewall?
To: firewall-wizards () nfr net
Date: Thu, 2 Oct 1997 11:13:11 +1000 (EST)

Hi,

Has anyone thought seriously about using a Java machine to build 
a firewall? (an actual Java machine running on a Java chip (when 
they appear), rather than a Java virtual machine running on some 
other OS.)

I was thinking of a setup along the following lines:

------------------- Outside / Internet
      |
      |                
    ------             |
    | FW | ------------|  -----
    ------             |--|   |  Boot / Logging Host
      |                |  ----- 
      |                |
      |
      |
------------------ Inside


With the FW being a diskless Java machine which will boot from
and log to a machine on a separate interface (or on the inside),
but otherwise wouldn't allow any connections to it.

The advantages of such a set up would include:
* OS designed/built with a security focus (not patching an 
  existing system)
* The whole OS is small and doesn't include a lot of baggage
  that is unnecessary for a FW machine.
* Scalability (just plug in another "thin" java machine)
* Saleability (the marketing guys should love this one)

Disadvantages
* Not having a disk could make spooling mail difficult
  (could be done another way, or on a RAM Disk)
* Performance issues?  (should be addressed by actual Java chips)


I'm sure there would be plenty more advantages and disadvantages,
but can anyone see any Glaring problems with such a setup?


Regards,
Thomas
--
Thomas Whateley                 | To see what is in front of one's
UNIX/Internet Support, Citec    | nose needs a constant struggle.
txw () citec qld gov au         |                       George Orwell


